Posted to users@tomcat.apache.org by Jerome Benezech <jb...@yahoo.com> on 2007/05/18 06:29:06 UTC

UserDatabase & security

Hi,
I have a question regarding Tomcat server UserDatabase
on Linux. 
When choosing a MemoryUserDatabase, tomcat users and
passwords are declared in a tomcat-users.xml file. The
tomcat user running the server must have read
permission on this file.
At the same time, all webapps running in tomcat are
running under the same Linux user ('tomcat'). So any
webapp can access this file and display its content.

My app is hosted on a shared Linux server. With the
present configuration, I can retrieve this file and
display every user login/password, then if I wanted
to, I could go into somebody else's webapp manager and
undeploy it.
I am a bit worried that somebody would do that to
me...

Is there a way to ensure that only the root user can
read this file?


Thanks
Jerome

 


Jerome Benezech
jbenezech@yahoo.com

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: UserDatabase & security

Posted by Markus Schönhaber <ma...@schoenhaber.de>.
Jerome Benezech wrote:

> I have a question regarding Tomcat server UserDatabase
> on Linux. 
> When choosing a MemoryUserDatabase, tomcat users and
> passwords are declared in a tomcat-users.xml file. The
> tomcat user running the server must have read
> permission on this file.
> At the same time, all webapps running in tomcat are
> running under the same Linux user ('tomcat'). So any
> webapp can access this file and display its content.
> 
> My app is hosted on a shared Linux server. With the
> present configuration, I can retrieve this file and
> display every user login/password, then if I wanted
> to, I could go into somebody else's webapp manager and
> undeploy it.
> I am a bit worried that somebody would do that to
> me...
> 
> Is there a way to ensure that only the root user can
> read this file?

Well, Tomcat needs to be able to read that file so you must make it
readable for Tomcat.

OTOH: instead of plaintext passwords you could use digested ones. Take a
look at the "digest" attribute of <Realm> and bin/digest.sh.

Regards
  mks
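To make Markus's suggestion concrete, here is an added Python illustration (mine, not code from the thread or from Tomcat) of what a Realm with digest="sha" actually stores and checks. It assumes the behaviour of Tomcat 6's bin/digest.sh: the stored value is the unsalted lowercase hex digest of the password. The sample tomcat-users.xml, user names and passwords are constructed. The audit helper at the end shows the caveat that comes with this: the digest is unsalted and cheap to compute, so a weak password is still recoverable by anyone who can read the file, and the file permissions still matter.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET


def tomcat_digest(password: str, algorithm: str = "sha") -> str:
    """Reproduce what bin/digest.sh -a <algorithm> <password> prints for a
    Realm configured with digest="<algorithm>" (Tomcat 6 behaviour, assumed):
    the lowercase hex digest of the UTF-8 password, with no salt.
    "sha" and "md5" are the algorithm names Tomcat accepts."""
    alg = {"sha": "sha1", "md5": "md5"}.get(algorithm.lower(), algorithm.lower())
    return hashlib.new(alg, password.encode("utf-8")).hexdigest()


# Constructed sample tomcat-users.xml: the password attributes hold digests,
# so a reader of the file sees hex strings rather than the passwords.
SAMPLE_TOMCAT_USERS = """<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="manager"/>
  <user username="alice" password="{0}" roles="manager"/>
  <user username="bob"   password="{1}" roles="manager"/>
</tomcat-users>
""".format(tomcat_digest("Tr0ub4dor&3-correct"), tomcat_digest("letmein"))


def load_users(xml_text: str) -> dict:
    """Map username -> (stored credential, [roles]) from tomcat-users.xml."""
    root = ET.fromstring(xml_text)
    users = {}
    for u in root.iter("user"):
        roles = [r for r in u.get("roles", "").split(",") if r]
        users[u.get("username")] = (u.get("password"), roles)
    return users


def authenticate(users: dict, username: str, password: str, algorithm: str = "sha"):
    """BASIC/FORM style check the way a digest Realm does it: digest the
    presented password and compare it with the stored value.  Returns the
    roles on success, None otherwise.  compare_digest keeps the comparison
    constant-time."""
    entry = users.get(username)
    if entry is None:
        return None
    stored, roles = entry
    if hmac.compare_digest(stored.lower(), tomcat_digest(password, algorithm)):
        return roles
    return None


def weak_entries(users: dict, common_passwords, algorithm: str = "sha"):
    """Audit helper: which accounts use a password from a common-password
    list?  Because the digest is unsalted and fast, this same check is open
    to anyone who can read the file, which is why digests reduce but do not
    remove the need to keep tomcat-users.xml away from other tenants."""
    table = {tomcat_digest(p, algorithm): p for p in common_passwords}
    return sorted(name for name, (stored, _) in users.items()
                  if stored.lower() in table)


USERS = load_users(SAMPLE_TOMCAT_USERS)

if __name__ == "__main__":
    print("alice, right password:", authenticate(USERS, "alice", "Tr0ub4dor&3-correct"))
    print("alice, wrong password:", authenticate(USERS, "alice", "guess"))
    print("accounts with a common password:",
          weak_entries(USERS, ["password", "letmein", "123456"]))
```

The digest a practitioner would put in the real file is the output of `bin/digest.sh -a sha <password>`; the `tomcat_digest` function here only mirrors that so the example can run offline.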



Re: UserDatabase & security

Posted by Mark Thomas <ma...@apache.org>.
Jerome Benezech wrote:
> Thanks for the info, that would do great.
> Any link on documentation to configure tomcat that way
> ?

Would it have killed you to spend 30 seconds looking for this yourself?

http://tomcat.apache.org/tomcat-6.0-doc/security-manager-howto.html

Mark



Re: UserDatabase & security

Posted by Jerome Benezech <jb...@yahoo.com>.
Thanks for the info, that would do great.
Any link on documentation to configure tomcat that way
?

--- Mark Thomas <ma...@apache.org> wrote:

> Jerome Benezech wrote:
> > Is there a way to ensure that only the root user
> can
> > read this file?
> 
> Not quite root only but it will meet your
> requirement...
> 
> Run Tomcat under a security manager. That way,
> webapps don't have
> access to files outside the docBase without explicit
> permissions being
> defined.
> 
> This also protects from applications calling
> System.exit() and a host
> of other issues.
> 
> Mark
> 


Jerome Benezech
jbenezech@yahoo.com



Re: UserDatabase & security

Posted by Mark Thomas <ma...@apache.org>.
Jerome Benezech wrote:
> Is there a way to ensure that only the root user can
> read this file?

Not quite root only but it will meet your requirement...

Run Tomcat under a security manager. That way, webapps don't have
access to files outside the docBase without explicit permissions being
defined.

This also protects from applications calling System.exit() and a host
of other issues.

Mark
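An added illustration of the kind of catalina.policy grant Mark's advice relies on; this fragment is mine, not text from the thread or from the Tomcat documentation, and the webapp name `myapp` is assumed:

```text
// Added example: per-webapp grant for Tomcat's security manager, to be
// appended to conf/catalina.policy.  Only code loaded from the webapp
// "myapp" (hypothetical name) is affected by this block.
grant codeBase "file:${catalina.base}/webapps/myapp/-" {
    // The webapp may read its own docBase and nothing else on disk.
    permission java.io.FilePermission "${catalina.base}/webapps/myapp/-", "read";
    permission java.util.PropertyPermission "*", "read";
};
// Nothing above grants read access to ${catalina.base}/conf/tomcat-users.xml,
// so a FileInputStream on it from myapp fails with
// java.security.AccessControlException.  Likewise no
// java.lang.RuntimePermission "exitVM" (System.exit) and no
// FilePermission "execute" (Runtime.exec) is granted.
```

The grant only takes effect when Tomcat is started with the security manager enabled, i.e. `catalina.sh start -security` (or `startup.sh -security`), which loads catalina.policy. Expect to add further permissions (sockets for a database host, the webapp's work directory) as the application's own needs surface in the logs; the point of the exercise is that each one is explicit.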



Re: UserDatabase & security

Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jacob,

Jacob Rhoden wrote:
> Jerome Benezech wrote:
>> In this case, which user would be authenticated in
>> LDAP? If the user connecting to LDAP is 'tomcat', the
>> issue remains, no?
>>   
> Not quite. You reconfigure tomcat to use LDAP to lookup passwords,
> instead of reading a text file. LDAP is a server that listens on a port
> on a server. So the passwords are no longer stored and owned by the
> tomcat user, but by the LDAP server, which can have its own file
> permissions and so on.

I believe Jerome is correct... the problem is merely moved. We have this
discussion repeatedly on the list... how to authenticate without putting
a plaintext password anywhere. It's basically impossible. Somehow,
Tomcat has to authenticate itself to someone, so a password must be
somewhere.

The advantages to switching to LDAP (or RDBMS, or any other
authentication, really) are that you can hide all but one of the
passwords from snoopers on the local machine. You'll still need to have
a set of credentials available to Tomcat, though, and so the issue remains.

- -chris

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGTZ5N9CaO5/Lv0PARAvzIAJ0SK/E3+3seb4ZlrxO7Iz52N3HeQQCcCiA0
bwrB487ErHiHNwn/geIK5X4=
=knKw
-----END PGP SIGNATURE-----



Re: UserDatabase & security

Posted by Jerome Benezech <jb...@yahoo.com>.
Right, stupid comment.... Will see if we can do it with
LDAP, or maybe just using digested passwords would be
ok.
Thanks for your help
Jerome

--- Jacob Rhoden <ja...@rhoden.id.au> wrote:

> Jerome Benezech wrote:
> >> As far as I am aware you cannot resolve this
> problem
> >> except by switching 
> >> to LDAP for your authentication. (Although I
> would
> >> be happy to be 
> >> corrected!)
> >>     
> >
> > In this case, which user would be authenticated in
> > LDAP? If the user connecting to LDAP is 'tomcat',
> the
> > issue remains, no?
> >   
> Not quite. You reconfigure tomcat to use LDAP to
> lookup passwords, 
> instead of reading a text file. LDAP is a server
> that listens on a port 
> on a server. So the passwords are no longer stored
> and owned by the 
> tomcat user, but by the LDAP server, which can have
> its own file 
> permissions and so on.
> 
> Make sense? Lookup "Tomcat LDAP" in google. (:
> 
> _______________________________
> Jacob Rhoden  - http://uptecs.com/
> 


Jerome Benezech
jbenezech@yahoo.com



Re: UserDatabase & security

Posted by Jacob Rhoden <ja...@rhoden.id.au>.
Jerome Benezech wrote:
>> As far as I am aware you cannot resolve this problem
>> except by switching 
>> to LDAP for your authentication. (Although I would
>> be happy to be 
>> corrected!)
>>     
>
> In this case, which user would be authenticated in
> LDAP? If the user connecting to LDAP is 'tomcat', the
> issue remains, no?
>   
Not quite. You reconfigure tomcat to use LDAP to lookup passwords, 
instead of reading a text file. LDAP is a server that listens on a port 
on a server. So the passwords are no longer stored and owned by the 
tomcat user, but by the LDAP server, which can have its own file 
permissions and so on.

Make sense? Lookup "Tomcat LDAP" in google. (:

_______________________________
Jacob Rhoden  - http://uptecs.com/




Re: UserDatabase & security

Posted by Jerome Benezech <jb...@yahoo.com>.
> As far as I am aware you cannot resolve this problem
> except by switching 
> to LDAP for your authentication. (Although I would
> be happy to be 
> corrected!)

In this case, which user would be authenticated in
LDAP? If the user connecting to LDAP is 'tomcat', the
issue remains, no?

> 
> Which gets me thinking, what is to stop anyone
> writing an application 
> that simply deletes the tomcat installation?

Exactly, a simple Runtime.exec could do a lot of
damage to all webapps and the Tomcat install....




Jerome Benezech
jbenezech@yahoo.com



Re: UserDatabase & security

Posted by Jacob Rhoden <ja...@rhoden.id.au>.
As far as I am aware you cannot resolve this problem except by switching 
to LDAP for your authentication. (Although I would be happy to be 
corrected!)

For any larger scale hosting, LDAP provides a more secure solution. 
(However it does add an extra point of failure). Any hosting solution 
where users share the same instance of tomcat is dubious because anyone 
can read anyone's files!

Which gets me thinking, what is to stop anyone writing an application 
that simply deletes the tomcat installation?

Best Regards,
Jacob

_______________________________
Jacob Rhoden  - http://uptecs.com/
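For concreteness, an added server.xml fragment (mine, not from Jacob's or Chris's messages) of the JNDIRealm that moves password lookups to LDAP as Jacob suggests. The hostname, the DNs and the bind password are placeholders. It also makes Chris's point visible: the end-user passwords now live on the LDAP server, but the realm's own bind credential is still plaintext in server.xml, which the tomcat user, and so every co-hosted webapp, can read.

```xml
<!-- Added example (not from the thread): Realm that authenticates against
     an LDAP directory instead of tomcat-users.xml.  All names are placeholders. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldap://ldap.example.internal:389"
       connectionName="cn=tomcat-bind,ou=services,dc=example,dc=internal"
       connectionPassword="REPLACE-WITH-BIND-PASSWORD"
       userBase="ou=people,dc=example,dc=internal"
       userSearch="(uid={0})"
       userSubtree="true"
       roleBase="ou=groups,dc=example,dc=internal"
       roleName="cn"
       roleSearch="(member={0})"/>
<!-- connectionPassword above is the one secret that stays on the Tomcat
     host.  Limit what that bind account may do in the directory (search and
     read only, no write), so that disclosure of server.xml to another
     tenant exposes a low-privilege service account rather than every
     user's password. -->
```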



Re: UserDatabase & security

Posted by Johnny Kewl <jo...@kewlstuff.co.za>.
Ha ha... if you get it working, I'll buy it from you ;)

----- Original Message ----- 
From: "Pid" <p...@pidster.com>
To: "Tomcat Users List" <us...@tomcat.apache.org>
Sent: Saturday, May 19, 2007 11:00 AM
Subject: Re: UserDatabase & security


> I'm trying to write a regex that will turn Mr Kewl's posts into 
> something readable, if anyone would care to help.  If there's sufficient 
> interest I'll start a project on SourceForge to turn it into a plugin 
> for Outlook, Thunderbird etc.




Re: [OT] UserDatabase & security

Posted by Pid <p...@pidster.com>.
Christopher Schultz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Pid,
> 
> Pid wrote:
>> I'm trying to write a regex that will turn Mr Kewl's posts into 
>> something readable, if anyone would care to help.
> 
> How about:
> 
> s/wot/what/g
> s/\.\.\./.\n/g

Many thanks.
I will add your first rule, and:

   s/\bu\b/you/g

> That ought to help quite a bit ;)

I started with:

   s/([^\.]{72,})\.{3,}\s+?/$1.\n\n/g
   s/\.{3,}/, /g

but then realised (after a coffee) that the latter rule on its own is 
more effective, especially if you:

   s/\.\s+/.\n/g
   s/\n+/\n\n/g


> - -chris
> 


Re: [OT] UserDatabase & security

Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Pid,

Pid wrote:
> I'm trying to write a regex that will turn Mr Kewl's posts into 
> something readable, if anyone would care to help.

How about:

s/wot/what/g
s/\.\.\./.\n/g

That ought to help quite a bit ;)

- -chris

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGTvfc9CaO5/Lv0PARAkn6AJ9MkGkHU09lg6xte3Ci/t+s6h0GQQCfV5Cj
79znBPu/CRQrfk9fTMhP5p0=
=54O0
-----END PGP SIGNATURE-----



Re: UserDatabase & security

Posted by Pid <p...@pidster.com>.
I'm trying to write a regex that will turn Mr Kewl's posts into 
something readable, if anyone would care to help.  If there's sufficient 
interest I'll start a project on SourceForge to turn it into a plugin 
for Outlook, Thunderbird etc.

p





Re: UserDatabase & security

Posted by Johnny Kewl <jo...@kewlstuff.co.za>.
Hi Jerome...
Don't think it's possible with Tomcat.... doesn't have an encrypted password 
store.
But I think you're right... it's part of a more general issue... namely that the 
server as a user, is a power user, and has to be able to get at resources on 
the machine... so you've got this power user guarding all other users. Now if 
the passwords are used in a web only context... not too big a problem... but 
if the password is also the user's XP password, and they have access to the 
company's treasury... it's a huge problem.
Now you will see that this is also an issue on other systems... even systems 
that have the privilege of being able to integrate with the subsystem... 
like for example IIS on Active Directory.
Where the password will not be stored normally... ie the hash of the 
password is stored and that's protected behind admin privileges... this all 
breaks down because of the way BASIC and DIGEST authentication works... you 
will see that "then" they have to store the original password (as a 
reversible process) because without it... it's not possible to make Digest 
and Basic work... those systems need to get at the original plain text 
password.
I think BASIC could be made to work with a hash, but I don't think Digest can 
work at all without it (plain text password).... and on the web Digest is 
the better scheme... Basic is very vulnerable.
Anyway... the thing is... there are tradeoffs... so if you're looking for a 
foolproof scheme... you're not going to find it.
I do think that Tomcat could do with an encrypted password storage scheme... 
ie there is a master password, stored as a hash... and only the system can 
get to it and decrypt the passwords stored in users.xml. But having said 
that... how would that work with other realms because now they have to 
interoperate... and that means there has to be a single point of security 
access... it all gets very complicated.

I've just made my own simple security solution for servlets, maybe you want 
to look at it.
http://coolese.100free.com/   It's called GangBang... yeah I know... my 
imagination is in the gutter ha ha... but it's called that because it allows 
for single sign on across domains, and multiple machines.

Anyway... I'm getting there because what's on your mind also worried me and I 
want to tell you how GangBang handles it.
Like Tomcat it has a plain visible password store... because it's easy, and 
for many systems it's all you need.
BUT... then what I did instead of going for the preconfigured realm idea... 
is just expose an interface... so the system can be told to ask another 
little class for the password and user roles. So what this does is allow you 
to do anything you want... for example if you wanted to store encrypted 
passwords in your database... you can. Don't know enough about LDAP to really 
comment but I imagine one could set up a one way password scheme on it AND a 
reversible scheme just for your web server... point is you can code whatever 
you have to.
In your case.... you could encrypt the passwords and store them in a file... 
behind a master password with a little salt... in your web-app.
Security in theory should be visible... ie you should be able to tell people 
the scheme and it's still difficult... but I'm beginning to think that in a 
cross platform system like Tomcat... it's near impossible... so all I came up 
with is a way to let the programmer do whatever they want.
Can it stop someone hacking Tomcat as a power user.... no... I don't think 
anything can... that's like trying to keep an administrator out of a system.
But can you make it damn difficult to get at sensitive passwords.... yes.

... have fun
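As an added illustration of the DIGEST question raised above (this is my code, not from Johnny's message or from Tomcat), here is the RFC 2617 Digest exchange in Python, with the server side working only from the MD5 of `username:realm:password`, the value Tomcat's Realm documentation says to store (via `bin/digest.sh -a md5`) when DIGEST authentication is combined with a digest realm. The realm name, user, nonces and the store are constructed. The caveat to take from it: that stored value is password-equivalent for this realm, since answering a challenge needs nothing more, and as an unsalted MD5 it is guessable offline, so it must be kept out of co-tenants' reach just like a plaintext entry.

```python
import hashlib
import hmac
import secrets


def md5_hex(text: str) -> str:
    """Lowercase hex MD5 of a UTF-8 string, the hash RFC 2617 specifies."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def stored_ha1(username: str, realm: str, password: str) -> str:
    """Value to store in tomcat-users.xml for DIGEST auth with a Realm using
    digest="MD5": md5 of "username:realm:password".  The plaintext is needed
    once, when the entry is created, and never again on the server."""
    return md5_hex(f"{username}:{realm}:{password}")


def client_response(username, realm, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """Browser side of RFC 2617 Digest (qop=auth): it holds the plaintext."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def server_verify(ha1_from_store, method, uri, nonce, nc, cnonce, response, qop="auth"):
    """Server side: recomputes the expected response from the stored HA1
    alone and compares in constant time.  No password is involved here."""
    ha2 = md5_hex(f"{method}:{uri}")
    expected = md5_hex(f"{ha1_from_store}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return hmac.compare_digest(expected, response)


# Constructed realm name and credential store (one user).
REALM = "Tomcat Manager Application"
STORE = {"alice": stored_ha1("alice", REALM, "correct-horse")}


def run_exchange(username: str, presented_password: str, uri: str = "/manager/html") -> bool:
    """Simulate one GET: the server issues a fresh nonce, the client answers
    with the password it was given, the server checks against STORE only."""
    nonce = secrets.token_hex(16)
    cnonce = secrets.token_hex(8)
    nc = "00000001"
    response = client_response(username, REALM, presented_password,
                               "GET", uri, nonce, nc, cnonce)
    stored = STORE.get(username)
    if stored is None:
        return False
    return server_verify(stored, "GET", uri, nonce, nc, cnonce, response)


if __name__ == "__main__":
    print("stored for alice:", STORE["alice"])
    print("right password accepted:", run_exchange("alice", "correct-horse"))
    print("wrong password rejected:", not run_exchange("alice", "wrong"))
```

In a real deployment the nonce also carries a timestamp and is tracked by the server to reject replays; that bookkeeping is omitted here so the example stays focused on what the credential store must contain.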


